Security News > 2021 > July > SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
SolarWinds has issued a hotfix for a zero-day remote code execution vulnerability already under active, yet limited, attack on some of the company's customers.
Though the current threat appears to be from a sole actor and "Involves a limited, targeted set of customers," SolarWinds wanted to remedy the situation before it could escalate, the company said.
SolarWinds does not currently know many customers may be directly affected by the flaw, nor has it identified the ones who were targeted.
SolarWinds likely still has fresh memories of a global supply-chain attack targeting the company's technology that was discovered late last year and stretched well into 2021.
Specifically, attackers installed the Sunburst/Solorigate backdoor inside SolarWinds.
SolarWinds stressed in its advisory that the latest vulnerability is not related to that previous scenario - which cost the company $3.5 million in investigation and remediation expenses - in any way.
News URL
https://threatpost.com/solarwinds-hotfix-zero-day-active-attack/167704/
Related news
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Apple backports fix for zero-day exploited in attacks to older iPhones (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)